Systems and methods for establishing secure communication using close proximity wireless communication

ABSTRACT

The present disclosure provides systems and methods for utilizing close proximity wireless communication (CPWC) technology for a secure out-of-band (OOB) transfer of communication information between two or more devices at close range. The communication information may then be used to establish a secure communication channel over a greater distance than possible using CPWC technologies. In various embodiments, a host device may include a processing unit in communication with a communication module and a separate CPWC module. An edge device may include a processing unit in communication with a communication module and a CPWC tag. The CPWC tag may be configured to receive communication information from the CPWC module of the host device. The edge device may then use the communication information to facilitate secure communication via the communication module of the edge device and the communication module of the host device.

TECHNICAL FIELD

This disclosure relates to electronic communication. Specifically, this application relates to out-of-band network configurations using close proximity wireless communication technologies.

BRIEF DESCRIPTION OF THE DRAWINGS

Non-limiting and non-exhaustive embodiments of the disclosure are described herein, including various embodiments of the disclosure illustrated in the figures listed below.

FIG. 1 illustrates an embodiment of multiple local area networks (LANs) connected to a wide area network (WAN).

FIG. 2 illustrates an embodiment of a Zigbee network, including a Zigbee coordinator and multiple Zigbee edge devices.

FIG. 3 illustrates an embodiment of a WAN, a local Wi-Fi network, various Wi-Fi edge devices, a local Zigbee network, and various Zigbee edge devices.

FIG. 4A illustrates an embodiment of a host device, including a processing unit, a wireless communication module, and an NFC module.

FIG. 4B illustrates an embodiment of an edge device, including a processing unit, a wireless communication module, and a dynamic NFC tag.

FIG. 5A illustrates a host device with a key, and an edge device without the key.

FIG. 5B illustrates the NFC module associated with the host device exchanging the key with the dynamic NFC tag associated with the edge device.

FIG. 5C illustrates the key transferred to the edge device.

FIG. 5D illustrates the key transferred from the dynamic NFC tag to the processing unit of the edge device.

FIG. 5E illustrates the edge device securely communicating with the host device via the wireless communication modules using the exchanged key.

FIG. 6 illustrates a method for an out-of-band exchange of communication information between two devices using NFC to facilitate secure communication.

The illustrated and described features, structures, and/or characteristics of the systems and methods described herein may be combined in any suitable manner in one or more alternative embodiments, and may differ from the illustrated embodiments.

DETAILED DESCRIPTION

According to various embodiments, a close proximity wireless communication (CPWC) technology may be used for a secure out-of-band (OOB) transfer of communication information between two or more devices at close range. The communication information may then be used to establish a secure communication channel over a greater distance than possible using CPWC techniques (e.g., via a Wi-Fi communication channel).

Throughout this disclosure, near field communication (NFC) is used as the exemplary CPWC. However, it will be appreciated that any of a wide variety of alternative CPWC systems and methods may be substituted in many of the embodiments described herein. Suitable CPWC systems and methods include any communication method or system configured to allow short-range wireless communication (i.e., less than approximately several tens of centimeters). Examples of suitable CPWC systems and methods include NFC, near-body electric-field communication, TransferJet, variations of Bluetooth including Bluetooth low energy, and other wireless magnetic and/or electromagnetic short-range data transfer techniques, including those using radio frequency identification (RFID).

In various embodiments, communication information is described as being exchanged between two wireless devices. As used herein, the term “exchange” includes both the unidirectional transmission of data and the bidirectional transceiving of data. Thus, two devices can be said to exchange information, even if one of the devices only transmitted data and the other device only received data.

In some embodiments, one or more of the devices may utilize the communication information exchanged via NFC to securely communicate via a second communication channel. The second communication channel may be considered the in-band communication channel and the NFC communication channel may be considered the OOB communication channel. The in-band communication channel may allow for communication over a greater distance than possible with NFC. For example, a host device may transmit a password to an edge device using NFC. The edge device may then communicate with the host device over a Wi-Fi network using the exchanged password.

The presently described systems and methods for establishing secure communication using NFC may be applicable to any of a wide variety of network topologies, technologies, and protocols. For instance, it may be useful to provide edge devices with various configuration settings and/or authentication data to allow the edge devices to connect to a router in a local area network (LAN). As a specific example, a personal computing device may be an edge device that is capable of connecting to a Wi-Fi router functioning as a host device. A user may select an SSID on the personal computing device and provide a corresponding password in order to connect the personal computing device to the Wi-Fi router.

As another example, it may be useful to pair edge devices in a Zigbee network with a Zigbee coordinator. Pairing the Zigbee edge devices with the Zigbee coordinator may include the unidirectional or bidirectional exchange of communication information regarding the Zigbee network.

In still other embodiments, any combination of any network types, topologies, technologies, protocols, and/or other network definitions may be combined. For example, any of a wide variety of routers, modems, hubs, switches, and other network components may facilitate the interconnection of various LANs utilizing disparate technologies and/or provide interconnections via a wide area network (WAN).

Various embodiments of this disclosure relate to the secure exchange of communication information between two devices for establishing a secure communication channel. The “exchange” of communication information may be unidirectional or bidirectional in the various embodiments, as appropriate and consistent with specific embodiments. The communication information may be any information used by one or more of the communicating devices for network communication. For example, communication information may include any network configuration setting, communication parameter, protocol identifier, port number, network address, keychain information, code, digital signature, certificate, passphrase, login information, SSID, authentication key, password, and/or any other network framework data. The communication information may also relate to specific security requirements, light-weight programs or add-ons, and/or virtual private network setting information.

As a specific example, two devices may exchange a passkey. The passkey may be transferred from one device to the other device, or the passkey may be jointly generated using information from each of the devices. The passkey may be used to establish a secure communication channel, encrypt and decrypt communication, and/or otherwise facilitate secure communications between the two devices.

In various embodiments, a user may, at least partially, provide communication information to an edge device and/or a host device to facilitate secure communication between the edge device and the host device. In other embodiments, communication information may be automatically or semi-automatically transferred between the devices using an in-band data transfer. That is, communication information may be transmitted between devices using the same communication technology (medium, protocol, etc.) that the communication information is meant to protect. In such embodiments, it may be difficult to securely exchange the communication information. For example, if two devices want to communicate via Wi-Fi, it may be difficult to use Wi-Fi to securely exchange (unidirectional or bidirectional exchange) secret communication information, as other listening devices may intercept the transaction.

In some embodiments, a user may provide communication information manually to one or more devices in a network. For example, a user may select a Wi-Fi network on a laptop and provide a password to allow the laptop to join the selected Wi-Fi network. Manually entering communication information may be inconvenient and/or introduce the possibility of human error.

A key aspect of some lighter-weight wireless protocols, such as Zigbee, is that the devices are small and/or cheap. Such Zigbee devices may not have keyboards, mice, displays, and/or other peripheral devices. Accordingly, it may be difficult or impractical to manually provide communication information to such devices. In any event, manually entering communication information, including passwords and other network settings and/or parameters, may be inconvenient and/or introduce the possibility of human error.

According to various embodiments, communication information may be exchanged using an out-of-band (OOB) communication channel. For example, if the communication modules of two devices utilize Wi-Fi, the two devices may utilize an OOB communication module to exchange communication information. An OOB communication module may utilize infrared, ultrasonic, visual light, sound, and/or human interaction to more securely transfer communication information.

According to one embodiment, a host device provides communication information to an edge device using one or more of infrared, ultrasonic, visual light, sound, and/or human interaction. The edge device then uses the communication information received via the OOB communication channel to establish a secure communication channel using a different communication channel, i.e., the in-band communication channel (e.g., Wi-Fi, Zigbee, 3G, etc.).

According to various embodiments, a CPWC system and/or method, such as NFC, is utilized as an OOB communication channel to exchange communication information. Continuing to use NFC as the exemplary CPWC, exchanging communication information via NFC has multiple advantages, including: (1) it minimizes the risk of accidentally joining the wrong network; (2) it reduces the likelihood of user error, as no manual data or button pushes are involved; (3) it is easily performed by bringing devices within close proximity of one another; (4) pairing can be performed relatively quickly; and (5) it is relatively secure.

Regarding security, the exchange of communication information using NFC as an OOB communication channel prevents eavesdropping, impersonation, data modification attacks, and other security risks posed by attackers. For instance, the possibility of man-in-the-middle attacks is reduced or prevented, as long as physical access to the host device is limited. The NFC communication may be limited to several tens of centimeters, and the frequency used for NFC, approximately 13.56 MHz, may be inherently difficult to eavesdrop on.

According to various embodiments of the systems and methods described herein, a host device may include a microprocessor or other processing unit. The microprocessor may be in communication with a communication module and an NFC module. The communication module may be a wireless communication module, such as a Zigbee communication module or a Wi-Fi communication module. In other embodiments, the communication module may be an Ethernet communication module or other wired communication module. The NFC module may be at least an NFC writer configured to write information to NFC tags, but may also be an NFC reader/writer in some embodiments. The microprocessor may communicate with the NFC module and the communication module via physical connections (e.g., wires, traces, etc.) or using a wireless communication technology.

An edge device may include a microprocessor or other processing unit. The microprocessor may be in communication with a communication module and a dynamic NFC tag. The microprocessor may communicate with the dynamic NFC tag and the communication module via physical connections (e.g., wires, traces, etc.) or using a wireless communication technology. The communication module associated with the edge device may be configured to communicate with the communication module associated with the host device. The dynamic NFC tag may be writeable by the NFC module, such that the NFC module associated with the host device can write communication information (e.g., password, parameters, settings, passkey, etc.) to the dynamic NFC tag. The dynamic NFC tag may also be readable at least by the microprocessor of the edge device.

Accordingly, the microprocessor of the edge device may be configured to read the communication information received by the dynamic NFC tag and then use the received communication information to securely communicate with the host device via the communication module. In various embodiments, the dynamic NFC tag may not be NFC readable and/or the received communication information may be erased, purged, or otherwise expire from the dynamic NFC tag after the communication information is made available to the microprocessor of the edge device or a memory accessible by the microprocessor of the edge device. The deletion of the communication information from the dynamic NFC tag may prevent its discovery by attackers.

According to various embodiments, any of the various components of the edge device and the host device may be combined into a single component and/or incorporated within a larger electronic or mechanical system. For example, the processing unit may be embodied as application-specific hardware, software, and/or firmware to facilitate the transfer of the communication information from the dynamic NFC tag to a location for use by the communication module for secure communications. In one embodiment, a single secure communication component may perform the functions described herein as being performed by one or more of the processing unit, the NFC (or other CPWC) tag and/or module, and the communication module.

In various embodiments, the communication information may be generated by the host device and shared, via NFC, with the edge device. In other embodiments, the communication information may be generated by the host device and/or the edge device based on a bidirectional exchange of communication information. For example, in some embodiments, the NFC module of the host device may read information stored on the dynamic NFC tag of the edge device and use the read information to generate communication information specific to the particular edge device. In another embodiment, the host device and the edge device may each exchange a portion of the communication information. One or both of the devices may combine the OOB exchanged portions of the information to generate shared communication information that is used for secure communication on the in-band communication channel.
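
The following sketch is an added illustration, not part of the disclosure. It models the bidirectional embodiment above together with the earlier purge-after-read behavior of the dynamic tag: each side contributes a portion, both derive the same in-band key, and the tag keeps no copy of what the host wrote. The class and function names are hypothetical, and HKDF-SHA256 and HMAC-SHA256 are choices made here; the disclosure does not name a combining function.

```python
import hashlib
import hmac
import secrets


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256: extract, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_link_key(host_portion: bytes, edge_portion: bytes) -> bytes:
    """Combine the two OOB-exchanged portions into one in-band key.

    Each portion is length-prefixed so (b"ab", b"c") and (b"a", b"bc")
    cannot collide. The key is only as secret as the OOB transfer itself.
    """
    ikm = b"".join(len(p).to_bytes(2, "big") + p for p in (host_portion, edge_portion))
    return hkdf_sha256(ikm, salt=bytes(32), info=b"oob-pairing/in-band-link-key")


class DynamicTag:
    """Model of the edge device's dynamic tag (assumed behavior, for illustration)."""

    def __init__(self, edge_portion: bytes):
        self._edge_portion = edge_portion  # readable by the host's NFC module
        self._mailbox = None               # written by the host's NFC module

    def rf_read_edge_portion(self) -> bytes:
        return self._edge_portion

    def rf_write(self, payload: bytes) -> None:
        self._mailbox = payload

    def rf_read_mailbox(self):
        # "May not be NFC readable": received data is never returned over RF.
        return None

    def mcu_read_and_purge(self):
        # Wired-side read by the edge processing unit; the tag copy is erased.
        payload, self._mailbox = self._mailbox, None
        return payload


def host_pair(tag: DynamicTag) -> bytes:
    """Host side: read the edge portion, write a fresh host portion, derive the key."""
    edge_portion = tag.rf_read_edge_portion()
    host_portion = secrets.token_bytes(16)
    tag.rf_write(host_portion)
    return derive_link_key(host_portion, edge_portion)


def edge_complete_pairing(tag: DynamicTag) -> bytes:
    """Edge side: take the host portion off the tag (purging it) and derive the key."""
    host_portion = tag.mcu_read_and_purge()
    if host_portion is None:
        raise ValueError("no pending communication information on the tag")
    return derive_link_key(host_portion, tag.rf_read_edge_portion())


def protect(key: bytes, message: bytes) -> bytes:
    """Authenticate an in-band message with the derived key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, mac: bytes) -> bool:
    return hmac.compare_digest(protect(key, message), mac)


if __name__ == "__main__":
    tag = DynamicTag(edge_portion=secrets.token_bytes(16))  # constructed sample
    host_key = host_pair(tag)
    edge_key = edge_complete_pairing(tag)
    reading = b"setpoint=21.5"                               # constructed sample
    print("keys match:", host_key == edge_key)
    print("in-band message verifies:", verify(host_key, reading, protect(edge_key, reading)))
    print("tag still holds host data:", tag.mcu_read_and_purge() is not None)
```
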

A specific embodiment is described below including a Wi-Fi router, a laptop computer as an edge device, a Zigbee coordinator as an edge device of the Wi-Fi router, and a thermostat as an edge device of the Zigbee coordinator. The Wi-Fi router may include a Wi-Fi communication module connected to a microprocessor. Additionally, the Wi-Fi router may include at least an NFC writer. In some embodiments, the Wi-Fi router may include a fully NFC-enabled device configured to read and write NFC tags. In other embodiments, the Wi-Fi router may include a partially NFC-enabled device able to write NFC tags, but not read NFC tags.

The laptop may include a Wi-Fi communication module as well. The systems and methods described herein may be used to establish a secure communication channel via the Wi-Fi communication modules. For instance, the laptop computer may include a dynamic NFC tag in communication with a processing unit. The processing unit may also be in communication with the wireless communication module. The processing unit may be the primary processor of the laptop computer or may be a separate processing unit.

The laptop computer, or at least the dynamic tag portion of the laptop computer, may be brought into close proximity (e.g., less than a few tens of centimeters) with the Wi-Fi router. When sufficiently close for NFC communication, the NFC module of the Wi-Fi router may transmit communication information (e.g., SSID information and a WPA2 password) to the dynamic NFC tag of the laptop computer. The processing unit of the laptop computer may then read the communication information received by the dynamic NFC tag. The Wi-Fi communication module of the laptop computer may then use the received communication information to establish a secure communication channel and/or securely communicate with the Wi-Fi communication module of the Wi-Fi router.

In the specific embodiment, the Zigbee coordinator may function as an edge device with respect to the Wi-Fi router and as a host device with respect to the thermostat. Accordingly, the Zigbee coordinator may include a dynamic NFC tag and be paired (i.e., exchange communication information) with the Wi-Fi router in the same manner as described with regard to the laptop computer. The Zigbee coordinator may also include an NFC module (fully or partially NFC-enabled, but at least able to write NFC tags).

The thermostat may be a relatively simple device configured to perform various thermostat functions and communicate with the Zigbee coordinator using a Zigbee communication module. The Zigbee communication module of the thermostat may be paired with the Zigbee coordinator. Accordingly, the thermostat may include a dynamic NFC tag for receiving communication information from the NFC module of the Zigbee coordinator. The Zigbee communication module of the thermostat may use the communication information received by the dynamic NFC tag to securely communicate with the Zigbee communication module of the Zigbee coordinator. As described above, the thermostat may be brought into close proximity with the Zigbee coordinator for the NFC module of the Zigbee coordinator to transmit the communication information to the dynamic NFC tag of the thermostat.

The presently described systems and methods may be utilized to deploy a secure wireless (or wired) network using an OOB exchange of communication information between devices. The described systems and methods may allow for the deployment of a wireless network in a hostile or otherwise unsecure location, such as a public area, a hospital, a military location, and/or the like.

In one example involving a cable set top box, a user may only subscribe to a limited number of channels. A second device, such as a cellular phone, laptop, or other electronic device, may be configured to communicate using any of the CPWC systems and/or methods described herein to transfer a channel line-up of available channels (based on the user subscription) between the cable set top box and the second device. For instance, in some embodiments, the second device may transfer the channel line-up to the set top box so that the set top box will be aware of the available (or unavailable) channels. In other embodiments, the set top box may transfer the channel line-up to the second device so that the second device is aware of the available (or unavailable) channels. The exchange of the channel line-up may be performed using NFC, Bluetooth low energy, and/or another CPWC technology.

The phrases “connected to” and “in communication with” include any form of communication between two or more components, including mechanical, electrical, magnetic, and electromagnetic interaction. Two components may be connected to or in communication with each other, even though they may not be in direct contact with each other, and/or even though there may be intermediary devices between the two components.

Accordingly, in some embodiments, a coordinator may transfer communication information to a first edge device. The coordinator may transfer the same, different, and/or complementary communication information to a second edge device. The second edge device may be said to communicate with the coordinator, even if such communication takes place through an intermediary device, such as the first edge device.

As used herein, the term “electronic device” may refer to any of a wide variety of wireless or wired electronic devices capable of data communication, including sensors, relays, regulators, controllers, monitors, communication devices, personal electronic devices, computers, laptops, tablets, personal computers, network devices, routers, hubs, switches, network node devices, network host devices, and the like. Moreover, an electronic device may refer to any of a wide variety of networking and/or communication modules, systems, and/or components that may be incorporated as a component in a larger system or device.

Some of the infrastructure that can be used with embodiments disclosed herein is already available, such as: general-purpose computers, computer programming tools and techniques, digital storage media, and communications networks. An electronic device may include a processing unit, such as a microprocessor, microcontroller, logic circuitry, or the like. The processing unit may include a special purpose processing device, such as an ASIC, PAL, PLA, PLD, FPGA, or other customized or programmable device. An electronic device may also include a computer-readable storage device, such as non-volatile memory, static RAM, dynamic RAM, ROM, CD-ROM, disk, tape, magnetic memory, optical memory, flash memory, or other computer-readable storage medium.

Aspects of certain embodiments described herein may be implemented as software modules or components. As used herein, a software module or component may include any type of computer instruction or computer executable code located within or on a computer-readable storage medium. A software module may, for instance, comprise one or more physical or logical blocks of computer instructions, which may be organized as a routine, program, object, component, data structure, etc., that performs one or more tasks or implements particular abstract data types. Similarly, hardware modules may include any of a wide variety of electrical, mechanical, and/or biological components. Thus, a module in general may refer to any combination of software, hardware, and/or firmware components configured to function a particular way. Any of a wide variety of programming languages and/or hardware architectures may be utilized in conjunction with the various embodiments described herein.

In some cases, well-known features, structures, or operations are not shown or described in detail. Furthermore, the described features, structures, or operations may be combined in any suitable manner in one or more embodiments. It will also be readily understood that the components of the embodiments, as generally described and illustrated in the figures herein, could be arranged and designed in a wide variety of different configurations. In addition, the steps of a method do not necessarily need to be executed in any specific order, or even sequentially, nor need the steps be executed only once, unless otherwise specified.

The embodiments of the disclosure may be understood by reference to the drawings, wherein like parts are designated by like numerals throughout. The components of the disclosed embodiments, as generally described and illustrated in the figures herein, could be arranged and designed in a wide variety of different configurations. Any of the various embodiments described herein may be combined in whole or in part with any other embodiment described herein.

The dynamic NFC tags illustrated and described herein may be embodied in any shape, size, and/or configuration. Substituted CPWC tags of other types may be physically different but are intended to be represented by the illustrated NFC tags. As such, a “tag” as used herein includes any type of CPWC “tag” as applicable to the various alternative CPWC communication technologies. Thus, the term “tag” includes receivers, transceivers, and other receiving components in a communication system. For example, a CPWC tag may be embodied as a TransferJet receiver and/or TransferJet transceiver. Alternatively, the CPWC tag may be embodied as a Bluetooth low energy receiver or transceiver.

Thus, the illustrated embodiments are not intended to convey any information regarding size, configuration, functionality, connectivity, dimensions, or any other characteristic of any component, including those of the dynamic NFC tags. As previously stated, NFC modules, writers, readers, and tags are provided as examples of possible CPWC modules, writers, readers, and tags. Thus, the following detailed description of the embodiments of the systems and methods of the disclosure is not intended to limit the scope of the disclosure, as claimed, but is merely representative of possible embodiments.

FIG. 1 illustrates an embodiment of a system 100 of multiple local area networks (LANs) 111, 112, 113, 114, 115 connected to a wide area network (WAN) 110. As illustrated, a LAN router 111 may connect a LAN of edge devices, such as portable electronic device 121, television 122, computer 123, security alarm 124, and thermostat 125.

According to various embodiments, each of the various edge devices 121, 122, 123, 124, and 125 may be brought in close proximity with the host device 111 (LAN router) to receive communication information from the host device 111. Each of the edge devices 121, 122, 123, 124, and 125 may utilize the communication information to securely communicate over the LAN. For example, one or more of the edge devices 121, 122, 123, 124, and 125 may communicate with (and/or via) the LAN router 111 using the communication information. The communication information may be transferred from the LAN router 111 (as the host device) to one or more of the edge devices 121, 122, 123, 124, and 125 using any one of the various methods and/or systems described herein.

For example, the portable electronic device 121 may be brought into close proximity with the LAN router 111. The LAN router 111 may then transmit communication information to the portable electronic device 121. The LAN router 111 may transmit the communication information using an OOB NFC module to a dynamic NFC tag of the portable electronic device 121. A processing unit of the dynamic NFC tag of the portable electronic device 121 may read the communication information obtained by the dynamic NFC tag from the NFC module of the LAN router 111. The portable electronic device 121 may utilize the communication information to securely communicate with (and/or via) the LAN router 111.

The other edge devices 122, 123, 124, and 125 may receive communication information via the NFC methods described herein as well. As previously described, the communication information may include one or more of an authentication key, a password, login information, a passphrase, a certificate, a digital signature, a code, keychain information, a configuration setting, a network address, a port number, a protocol identifier, cryptographic keys, virtual private network settings, a channel, a personal preference, and a communication parameter. In some embodiments, the communication information may also include port forwarding information to facilitate the automatic or semi-automatic configuration of port forwarding of one or more of the edge devices 121-125 to enable access to the edge device 121-125 from the WAN 110.

FIG. 2 illustrates an embodiment of a Zigbee network 200, including a Zigbee coordinator 210 and multiple Zigbee edge devices 211, 212, 213, 214, 215, 216, 217, and 218. Similar to the connection of the edge devices described in conjunction with FIG. 1, each of the edge devices 211-218 may receive communication information for connecting to the Zigbee coordinator 210 via an OOB exchange of communication information. The OOB exchange of communication information may include a CPWC module of a host device (e.g., the Zigbee coordinator 210) transmitting the communication information to a CPWC tag of an edge device 211-218. In some embodiments, one or more of the Zigbee edge devices 211, 212, 213, 214, 215, 216, 217, and 218 may actively route data from, to, or between other edge devices and the coordinator 210. Any of the various systems and methods described herein for establishing a secure network and/or securely communicating may be used in conjunction with the Zigbee network illustrated in FIG. 2.

FIG. 3 illustrates an embodiment 300 of a WAN 309, various LANs 311, 312, 313, a local Wi-Fi network 310, a Wi-Fi router 350, various Wi-Fi edge devices 321 and 322, a local Zigbee coordinator 323, and various Zigbee edge devices 331, 332, 333, and 334. Using any of the various methods and systems described herein, the tablet 322 and computer 321 may receive communication information via a dynamic NFC tag from an NFC module of the Wi-Fi router 350. In the illustrated embodiment, the Zigbee coordinator 323 may function as an edge device and receive communication information from the Wi-Fi router 350 via an OOB exchange using a dynamic NFC tag and NFC module as well.

The Zigbee coordinator 323 may also function as a host device by providing Zigbee communication information to each of the Zigbee edge devices 331, 332, 333, and 334. As described in various embodiments herein, the Zigbee coordinator 323 may transmit, via an OOB NFC or other CPWC transmission, Zigbee communication information to the Zigbee edge devices 331-334. The Zigbee edge devices 331-334 may receive the communication information via dynamic NFC tags. A processing unit of each Zigbee edge device 331-334 may utilize the obtained communication information to communicate via a Zigbee communication module with the Zigbee coordinator 323.

FIG. 4A illustrates an embodiment of a host device 410 (e.g., a coordinator), including a processing unit 411, a wireless communication module 417, and an NFC module 413. The processing unit 411 may be in communication with the wireless module 417 and/or the NFC module 413 via wires, traces, a wireless connection, and/or via another data connection.

As described herein, the host device 410 may include a sensor, relay, regulator, controller, monitor, communication device, personal electronic device, computer, laptop, tablet, personal computer, cellular phone, hotspot, network device, router, hub, switch, network node device, network host device, or the like. The host device 410 may be incorporated as part of a larger system.

The wireless communication module 417 may include one or more of a Zigbee communication module, a Z-Wave communication module, a Bluetooth communication module, an EnOcean communication module, a DECT communication module, a UWB communication module, a wireless USB communication module, a 6LoWPAN communication module, a WiMAX communication module, an LTE communication module, and/or a Wi-Fi communication module.

The NFC module 413 may be configured to transmit 415 communication information to an edge device 420 (FIG. 4B). The NFC module 413 may be substituted and/or augmented with any of a wide variety of CPWC modules. The NFC module 413 may be configured to write to a dynamic NFC tag. The NFC module 413 may also be configured to read dynamic NFC tags. According to various embodiments, the processing unit 411 may be configured to generate, read from memory, and/or otherwise determine communication information. In some embodiments, the NFC module 413 may be configured to read edge data from a dynamic NFC tag. The edge data may be used by the processing unit 411 to generate and/or otherwise determine communication information.

FIG. 4B illustrates an embodiment of an edge device 420 (e.g., a thermostat), including a processing unit 421, a wireless communication module 425, and a dynamic NFC tag 423. The processing unit 421 may be in communication with the wireless module 425 and/or the dynamic NFC tag 423 wirelessly, via wires, via traces, and/or via another data connection.

As described herein, the edge device 420 may include a sensor, relay, regulator, controller, monitor, communication device, personal electronic device, computer, laptop, tablet, personal computer, cellular phone, hotspot, network device, router, hub, switch, network node device, network host device, or the like. The edge device 420 may be incorporated as part of a larger system.

The wireless communication module 425 may include one or more of a Zigbee communication module, a Z-Wave communication module, a Bluetooth communication module, an EnOcean communication module, a DECT communication module, a UWB communication module, a wireless USB communication module, a 6LoWPAN communication module, a WiMAX communication module, an LTE communication module, and/or a Wi-Fi communication module. The wireless communication modules 425 and 417 (FIG. 4A) may be configured to securely communicate using the communication information.

Accordingly, the dynamic NFC tag 423 may be configured to receive the communication information from the NFC module 413 (FIG. 4A). In some embodiments, the dynamic NFC tag 423 may also be configured to contribute to the generation of the communication information and/or augment the communication to facilitate secure communications. For example, the NFC module 413 (FIG. 4A) may read data from the dynamic NFC tag 423 and use it to facilitate secure communication. Even in such embodiments, the processing unit 421 may read the communication information obtained by the dynamic NFC tag 423. The edge device 420 may then utilize the communication information to securely communicate via wireless communication module 425 with the wireless communication module 417 of the host device 410.

FIGS. 5A-5E illustrate an OOB exchange of communication information (illustrated as a key) from a host device 510 to an edge device 520. The communication information may be used to facilitate secure communications between the host device 510 and/or the edge device 520. For example, the communication information may include a network configuration setting, communication parameter, protocol identifier, port number, network address, keychain information, code, digital signature, certificate, passphrase, login information, SSID, authentication key, password, and/or any other network framework data.

FIG. 5A illustrates a host device 510 with a key (communication information) and an edge device 520 without the key (communication information). The processing unit 511 of the host device 510 may generate the communication information, as described above. The host device 510 may generate the communication information independent of the edge device 520. In other embodiments, the communication information used to facilitate secure communication between the host device 510 and the edge device 520 may be generated jointly by a bidirectional exchange of information between the NFC module 513 of the host device 510 and the NFC tag 523 of the edge device 520. The wireless communication modules 517 and 525 may utilize the communication information to communicate securely and/or establish a secure communication channel.

FIG. 5B illustrates the NFC module 513 associated with the host device 510 exchanging the communication information 550 with the dynamic NFC tag 523 associated with the edge device 520. The range of the NFC transfer 515 may be limited to a few tens of centimeters. As such, the exchange of the communication information 550 may be secure and nearly impervious to interception by an attacker.

FIG. 5C illustrates the communication information 550 transferred to the dynamic NFC tag 523 of the edge device 520. In some embodiments, the dynamic NFC tag 523 may be configured to push the obtained communication information 550 to memory accessible to the processing unit 521. The processing unit 521 may be configured to read the obtained communication information 550 from the memory. In other embodiments, the processing unit 521 may directly read the obtained communication information 550 on the dynamic NFC tag 523.

FIG. 5D illustrates the communication information transferred from the dynamic NFC tag 523 to the processing unit 521 of the edge device 520. According to various embodiments, the communication information may be erased, decay, and/or otherwise not be present on the dynamic NFC tag 523 after a short period of time and/or after it has been transferred and/or read by the processing unit 521 and/or memory accessible to the processing unit 521.

FIG. 5E illustrates the edge device 520 securely communicating with the host device 510 via the wireless communication modules 517 and 525 using the exchanged communication information. As described herein, the communication information may relate to any of a wide variety of communication settings or parameters for enhancing the security of the communication. For example, the host device 510 and the edge device 520 may encrypt and decrypt communication using the communication information.

FIG. 6 illustrates a method 600 for an OOB exchange of communication information between two devices using NFC to facilitate secure communication over a disparate communication channel (i.e., the in-band communication channel). Initially, communication information may be generated 610 for establishing secure communication. Establishing secure communication may include establishing a secure communication channel and/or otherwise facilitating secure communications (e.g., encryption, channel selection, etc.).

An NFC module (or other CPWC module) of a first device may transmit 620 communication information to a dynamic tag (e.g., a dynamic NFC tag) of a second device. A microprocessor, or other processing unit, of the second device may read 630 the communication information obtained by the dynamic NFC tag. The second device (and/or the first device) may then use the obtained communication information to facilitate 640 secure communication between communications modules of the first and second devices.
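The flow of method 600 (steps 610 through 640), together with the erase-after-read and decay behavior described for FIG. 5D, sketched as an added Python simulation; it is not code from the disclosure. The `DynamicTag` class, its five-second lifetime, and the use of HMAC-SHA256 to protect in-band frames are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

class DynamicTag:
    """Hypothetical model of the edge device's dynamic NFC tag (423/523)."""

    def __init__(self, ttl_seconds=5.0, clock=time.monotonic):
        self._ttl, self._clock = ttl_seconds, clock
        self._payload = self._written_at = None

    def write(self, payload: bytes) -> None:
        # Step 620: the host's NFC module writes over the short-range link.
        self._payload = payload
        self._written_at = self._clock()

    def read_once(self):
        # Step 630 plus FIG. 5D: hand the payload to the processing unit,
        # then clear it; a payload older than the TTL is never returned.
        payload, written_at = self._payload, self._written_at
        self._payload = self._written_at = None
        if payload is None or self._clock() - written_at > self._ttl:
            return None
        return payload

def generate_comm_info() -> bytes:
    # Step 610: the host generates a key independently of the edge device.
    return secrets.token_bytes(32)

def seal(key: bytes, message: bytes) -> bytes:
    # Step 640: in-band frame = message || HMAC-SHA256(key, message).
    return message + hmac.new(key, message, hashlib.sha256).digest()

def open_sealed(key: bytes, frame: bytes):
    # Verify in constant time; return None for short or forged frames.
    if len(frame) < 32:
        return None
    message, mac = frame[:-32], frame[-32:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return message if hmac.compare_digest(mac, expected) else None

def provision(tag: DynamicTag):
    """Run steps 610-630 and return (host_key, edge_key)."""
    host_key = generate_comm_info()
    tag.write(host_key)
    return host_key, tag.read_once()
```

A second `read_once()` after provisioning returns `None`, so a later reader of the tag finds nothing to recover.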

The above description provides numerous specific details for a thorough understanding of the embodiments described herein. However, those of skill in the art will recognize that one or more of the specific details may be omitted, modified, and/or replaced by a similar process or system.

What is claimed:
 1. A method for secure communication, comprising: obtaining, via a close proximity wireless communication (CPWC) tag associated with a first device, information from a CPWC module associated with a second device; reading, via a first device processing unit, the information obtained by the first device dynamic CPWC tag; and obtaining, via a third device CPWC tag, information from the second device CPWC module; reading, via a third device processing unit, the information obtained by the third device CPWC tag; communicating, via a first device communication module, with a second device communication module using the obtained information from the second device CPWC module; and communicating, via a third device communication module, with the second device communication module using the obtained information from the second device CPWC module.
 2. The method of claim 1, wherein each of the CPWC modules comprises a near field communication (NFC) module, and wherein each of the CPWC tags comprises a dynamic NFC tag.
 3. The method of claim 1, wherein each of the CPWC modules comprises a Bluetooth low energy module, and wherein each of the CPWC tags comprises a Bluetooth low energy receiver.
 4. The method of claim 1, wherein the first, second, and third communication modules comprises one or more of a: ZigBee communication modules, Z-Wave communication modules, Bluetooth communication modules, EnOcean communication modules, DECT communication modules, UWB communication modules, wireless USB communication modules, 6LoWPAN communication modules, WiMAX communication modules, LTE communication modules, and Wi-Fi communication modules.
 5. A method for secure communication between a first device and a second device, comprising: obtaining, via a dynamic near field communication (NFC) tag associated with a first device, information from an NFC module associated with a second device; reading, via a first device processing unit, the information obtained by the first device dynamic NFC tag; and communicating, via a first device communication module, with a second device communication module using the obtained information from the second device NFC module.
 6. The method of claim 5, wherein the first and second device communication modules each comprise a wireless communication module.
 7. The method of claim 5, wherein the first and second device communication modules each comprise one of: ZigBee communication modules, Z-Wave communication modules, Bluetooth communication modules, EnOcean communication modules, DECT communication modules, UWB communication modules, wireless USB communication modules, 6LoWPAN communication modules, WiMAX communication modules, LTE communication modules, and Wi-Fi communication modules.
 8. The method of claim 5, further comprising: generating, via a second device processing unit, the information; transmitting the information from the second device processing unit to the second device NFC module; and transmitting the information from the second device NFC module to the first device dynamic NFC tag.
 9. The method of claim 8, further comprising: obtaining, via the second device NFC module, device information associated with the first device from the first device dynamic NFC tag, and wherein the information generated by the second device processing unit is generated using the device information obtained by the second device NFC module from the first device dynamic NFC tag.
 10. The method of claim 5, further comprising: transmitting device information associated with the first device from the first device dynamic NFC tag to the second device NFC module; and facilitating communication between the first device and the second device using the obtained information from the second device and the device information associated with the first device.
 11. The method of claim 5, wherein the obtained information is generated by a second device processing unit independent of any information associated with the first device.
 12. The method of claim 5, further comprising removing the communication information from the first device dynamic NFC tag.
 13. The method of claim 5, wherein the obtained information comprises at least one of an authentication key, a password, login information, a passphrase, a certificate, a digital signature, a code, keychain information, a configuration setting, a network address, a port number, a protocol identifier, a channel, a channel line-up, a preference, and a communication parameter.
 14. An electronic device comprising: a dynamic near field communication (NFC) tag that is NFC-writable, wherein the dynamic NFC tag is configured to obtain information from a remote device NFC module; a processing unit in communication with the dynamic NFC tag, wherein the processing unit is configured to read the information obtained from the remote device NFC module; and a communication module in communication with the processing unit configured to communicate with a remote device communication module using the obtained information.
 15. The device of claim 14, wherein the communication module of the electronic device comprises a wireless communication module.
 16. The device of claim 14, wherein the communication module of the electronic device comprises one of: a ZigBee communication module, a Z-Wave communication module, a Bluetooth communication module, an EnOcean communication module, a DECT communication module, a UWB communication module, a wireless USB communication module, a 6LoWPAN communication module, a WiMAX communication module, an LTE communication module, and a Wi-Fi communication module.
 17. The device of claim 14, wherein the dynamic NFC tag is configured to transmit device information associated with the electronic device to the remote device NFC module.
 18. The device of claim 17, wherein the communication module of the electronic device is configured to communicate with the remote device communication module using the obtained information and the device information.
 19. The device of claim 14, wherein the obtained information is configured to be erased from the dynamic NFC tag after the processing unit has read the information obtained by the dynamic NFC tag.
 20. The device of claim 14, wherein the obtained information comprises at least one of an authentication key, a password, login information, a passphrase, a certificate, a digital signature, a code, keychain information, a configuration setting, a network address, a port number, a channel, a channel line-up, a preference, and a communication parameter.